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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH{S) OR THIRTY (30) DAYS. 
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Status 

1 )I3 Responsive to comnnunication(s) filed on 05 August 2003 . 
' 2a)n This action is FINAL. 2b)IEI This action is non-final. 

3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-20 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) n Claim(s) is/are allowed. 

6) S Claim(s) 1:20 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 07 January 2004 is/are: a)^ accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
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application from the International Bureau (PCT Rule 1 7.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . Claims 1-20 have been examined. 

Information Disclosure Statement 

2. The infonnation disclosure statements (IDS) submitted on November 1 0, 2003, 
October 4, 2004, May 31 , 2005, July 22, 2005, December 27, 2005, March 30, 2006, 
August 18, 2006, and November 20, 2006, are in compliance with the provisions of 37 
CFR 1 .97. Accordingly, the infonnation disclosure statement is being considered by the 
examiner. 

Claim Objections 

3. Claims 1-11 are objected to because of the following infomialities: claim 1 , line 
14, is missing the word '1he" after "operating on" and before "password"; claim 8 cites 
the word "number" twice in a row. The remaining claims, 2-1 1 , are dependent upon 
claim 1 and therefore Inherit its deficiencies. Appropriate correction is required. 



Claim Rejections - 35 USC §112 
The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 
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5. Claims 1-11 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

6. Claim 1 recites the limitation "calculating a first key" in lines 12 and 14. The 
presence of two "first keys" that are operated on by a server and a client is unclear as to 
which key is the first key. 

7. Claims 2-1 1 are dependent upon claim 1 and therefore inherit its deficiencies. 

Claim Rejections ' 35 use § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth In this Office action: 

(a) A patent may not be obtained though the Invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill In the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Mauro et al. (U.S. Patent Pub. No. 2002/0146128) in viewof Euchner (U.S. Patent No. 
7,007,164). 

Regarding claims 1 and 12 . Mauro et al. teaches a method/system of performing 
a key exchange between a client and a server having a process-based security system 
comprising the steps of: 

• Sending user identification information from the client to the server (paragraph 

0031 , key exchange includes identification); 
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• Modifying the task structure of tlie client by tlie server to reflect a pending 
request for key exchange (paragraph 0036, a semaphore is set to lock other 
processes from accessing a shared resource); 

• Generating a first random number; sending the first random number to the client; 
calculating a first key using a transformative function operating on the first 
random number by the server; calculating a first key using the transformative 
function operating on the first random number by the client; using the result of the 
calculated first key as a first key (paragraph 0037, a Diffie-Hellman key exchange 
takes place by generating random numbers by the client and the server and 
generating a common key by using the random number); and 

• Modifying the task structure of the client by the server to reflect the completion of 
the key exchange (paragraph 0036, the semaphore is cleared to allow other 
processes to access the shared resource). 

Mauro et al. does not teach retrieving a password associated with the user 
identification information by the server; entering a password at the client; calculating a 
first key using a transfomiative function operating on the password by the server; and 
calculating a first key using the transfomiative function operating on the password by . 
the client. 

Euchner teaches retrieving a password associated with the user identification 
information by the server; entering a password at the client; calculating a first key using 
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a transformative function operating on tlie password by the server; and calculating a 
first key using the transformative function operating on the password by the client (fig. 1 
and col. 3, line 58 through col. 4, line 19). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine retrieving a password and calculating a key based on 
the password, as taught by Euchner . with the method/system of Mauro et al. It would 
have been obvious for such modifications because using a password as part of a Diffie- 
Hellman key exchange between a client and a server enables the client and server to 
already have the "secret" prior to the key exchange. The password provided by the 
client for key exchange is already stored on the server. 

Regarding claim 2 . Mauro et al. as modified by Euchner teaches wherein said 
client is a process executed on the server (see figure 1 of IVIauro et al.). 

Regarding claim 3 . Mauro et al. as modified by Euchner teaches wherein said 
client is a process running on a remote machine (see fig. 1 , ref. num 14 of Mauro et al., 
a DSP is a processor that can run on any machine, local or remote, that has a 
processor). 
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Regarding claims 4 and 15 , Mauro et al. as modified by Euchner teaches 
wherein said transfomnatlve function is a hash function (see fig. 1 and col. 3, line 58 
through col. 4, line 19 of Euchner). 

Regarding claims 5 and 16 , Mauro et al. as modified by Euchner teaches 
wherein said- transformative function is a l^eyed MD5 signature function (see paragraph 
0028 of fVlauro et al.). 

Regarding claims 6 and 17 . Mauro et al. as modified by Euchner teaches 
wherein the first key is used for communication using symmetric encryption (see col. 3, 
lines 20-22 of Euchner). 

Regarding claims 7 and 20 , Mauro et al. as modified by Euchner teaches 
wherein said first random number is generated using noise (see paragraph 0037 of 
Mauro et al., a Diffie-Hellman key exchange can use any source for a random number, 
such as noise). 

Regarding claim 8 , the examiner takes Official Notice that said first random 
number is sixteen bits in length. The combination of references teaches using a 
random number between the client and the server in order to use a Diffie-Hellman key 
exchange. Diffie-Hellman does not require a certain key length, so a J6 bit key length 
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A longer key length would provide more 



Regarding claims 9 and 18 , Mauro et al. as modified by Euchner teaches further 
comprising the steps of: 

• Generating a second random number by the server; sending the second random 
number to the client; calculating a second key using the transformative function 
operating on the password and second random number by the server; calculating 
a second key using the transfomiative function operating on the password and 
second random number by the client; using the calculated second key as a 
second key (see fig. 1 of Euchner, the client and server each create a key used 
for communication with each other). 

Regarding claims 10 and 19 , Mauro et al. as modified by Euchner teaches 
wherein said first key is used to encrypt communications from the client to the server 
and said second key is used to encrypt communications from the server to the client 
(see fig. 1, ref. num 106 and 108 of Euchner). 

Regarding claims 11 and 14 . Mauro et al. as modified by Euchner teaches where 
said retrieved password is cleartext (see col. 4, lines 14-15 of Euchner, Diffie-Hellman 
key exchange allows all values to be sent in the clear, except for the keys, i.e., g^ or g*^). 
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Regarding claim 13 . Mauro et al. as modified by Euchner teaches wlierein the 
l<ey exchange server processor is communicably connected to the client by a network 
(see col. 4, lines 61-67 of Euchner). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Hoffman whose telephone number is 571- 

272- 3863. The examiner can nomially be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser G. Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status infomnation for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status infomiation for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated Infonnation 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 





